Connection gateway for communicating monitoring and control information between a remotely located mobile device and premises devices/appliances on a premises network

ABSTRACT

A home security and control system for monitoring and controlling an external environment such as a home environment comprising: an Internet browser connectable to an extranet; an extranet located external to the home environment and accessible via the Internet browser; a communications server located in the extranet and adapted to interconnect on demand with one of a series of connection gateways located in predetermined home environments; and a connection gateway located in the home environment adapted to control and/or monitor the operation of at least one security device in the home environment; wherein upon accessing a predetermined address by the Internet browser on the extranet, the communications server connects to a predetermined one of the connection gateways to control and/or monitor the operation of the security device. The extranet can ideally be implemented as a Virtual Private Network (VPN) across an Internet substrate.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation application of pending U.S. patent application Ser. No. 14/536,784 filed Nov. 10, 2014, which is a continuation of U.S. patent application Ser. No. 09/868,417, filed on Oct. 23, 2001, now U.S. Pat. No. 8,914,526, which is a national phase of International Application No. PCT/AU99/01128, filed Dec. 17, 1999, and which claims priority to Australian Patent Application No. PP 7764, filed on Dec. 17, 1998. The contents of each of the above-identified applications are hereby incorporated herein by reference in their entireties.

FIELD OF THE INVENTION

The present invention relates to the area of local and remote monitoring and control, through use of a standard web browser and the Internet.

BACKGROUND OF THE INVENTION

A communication node between data and telecommunication networks is disclosed in PCT Patent Publication Number WO 94/24803, which describes a node that enables communication between users using different types of terminals, such as telephones and computers.

PCT Patent Publication Number WO 98/19445 describes a service node between Internet networks and a telecommunications network that is used to order telephony services by means of HTML pages from a computer with a WWW browser. It also describes a method of calling a subscriber, in which the call is ordered by computer but the connection is set up between the telephones of a first and second subscriber. The service node communicates with computers connected to computer networks using the HTTP protocol. The node stores data related to a subscriber; said data can be used when the user requests a telephony service.

A system for the control of devices within the home, using web browsers, is described in Joe Desbonnet and Peter Corcoran, “Browser-style interfaces to a home automation network”, IEEE Transactions on Consumer Electronics, 1997, Volume 43, No. 4, 1063-1069.

The automation and security systems that may be installed in a user's premises are becoming more and more advanced. Users often have a common need to control and monitor such systems both locally and remotely. Typically these systems provide an on-site control panel offering input facilities and visual status display facilities, but generally must resort to non-visual monitoring and control mechanisms for remote operation. Remote operation is usually achieved by telephone through codes entered via a telephone handset. Some systems allow both local and remote operation using any combination of voice command input and voice feedback of status. Due to the complexity of the automation systems and the choices they afford users, such remote systems are cumbersome and limit the scope for interaction. In addition, the user must learn several alternate methods of control.

Another problem with current systems is the absence of a monitoring and control method that provides a geographically independent standard interface that is universally accessible and not platform or hardware dependent. The Desbonnet and Corcoran paper describes the use of a web browser and the WWW for a standard interface, both local and remote. However, it is assumed in that paper that for remote monitoring and control, the site to be controlled is actively connected to the Internet at the time that remote operation is desired. In the case that the site is not actively connected to the Internet, a user may initiate a connection from their remote location to the desired site manually. However, this requires special knowledge and telecommunications access facilities on the part of the user and is not a suitable mechanism for those individuals who are not technically literate.

Another problem with current systems, and with the system described by the Desbonnet and Corcoran paper, is that if the user is geographically remote to the user premises, then initiating a direct connection through the public telecommunication network is expensive, requiring a long distance or international call.

Another problem with current systems relates to the handling of alarm and surveillance data. Current systems are based on CCTV and VCR technology. A problem associated with such systems is that surveillance data remains unprotected whilst retained at the site of an incursion.

Another problem with current systems relates to the cost associated with the surveillance system. System costs for video surveillance may be prohibitive, as they are based on CCTV and VCR technology. In addition, steps must be taken to ensure that surveillance data remains protected if it must be retained at the site of an incursion. Methods employed to make such systems tamper-proof add to the total system cost.

Another problem associated with current surveillance systems is that they may not differentiate alarm and non-alarm conditions, and continuously record activity. Such systems record in a loop fashion, eventually overwriting prerecorded material.

Another problem with current systems is that they do not allow, except in the case of expensive systems, a remote user, or remote authorised security personnel, to interrogate a surveillance or automation system during an alarm condition.

Another problem with existing systems is that they do not provide a facility for viewing surveillance material in relation to a user premises during non-alarm periods using standard platform independent and location independent mechanisms.

SUMMARY OF THE INVENTION

In accordance with a first aspect of the present invention, there is provided a home security and control system for monitoring and controlling an external environment such as a home environment comprising: an Internet browser connectable to an extranet; an extranet located external to the home environment and accessible via the Internet browser; a communications server located in the extranet and adapted to interconnect on demand with one of a series of connection gateways located in predetermined home environments; and a connection gateway located in the home environment adapted to control and/or monitor the operation of at least one security device in the home environment; wherein upon accessing a predetermined address by the Internet browser, the communications server connects to a predetermined one of the connection gateways to control and/or monitor the operation of the security device. The extranet can ideally be implemented as a Virtual Private Network (VPN) across an Internet substrate.

Preferably, when a customer connects to their home, their home effectively appears to them as a website, with all devices, security and otherwise, accessible for monitoring or control.

In accordance with a further aspect of the present invention, there is provided a home security system for monitoring a home environment comprising: an extranet located external to the home environment; storage means forming part of the extranet; at least one communications server located in the extranet and adapted to interconnect on demand with one of a series of connection gateways located in predetermined home environments; a connection gateway located in the home environment adapted to control and/or monitor the operation of at least one security device in the home environment; and a security device activating a security condition upon the occurrence of a predetermined event; wherein, upon the occurrence of the predetermined event, the security device notifies the connection gateway and transfers event information on the predetermined event to the connection gateway and the connection gateway establishes an interconnection with the communications server and transfers the event information via the communications server to the storage means for later interrogation by a user of the home security system.

Ideally, the storage means operates virtually in that it is allocated dynamically on a server in accordance with usage demands.

Ideally, the communication server utilises a telecommunications network to interconnect with the connection gateway. The security device preferably can include or respond to alert conditions which are preferably forwarded to the connection gateway, wherein it can be qualified with a pre-programmed enable, and if the result can be TRUE, an alarm event can be generated, whereupon the connection gateway establishes a connection with one of the communications servers, and surveillance data related to the alarm event can be uploaded to the extranet for secure storage accessible upon interrogation by a user. In a further refinement, the enables can be across zones or device types so as to simultaneously arm multiple security devices.

In one example, the extranet forms part of the Internet and the communications server can be located within the local telephone call radius of the home environment, thus providing lowest cost PSTN access from or to the home environment. Other types of access may be provided (e.g. ADSL or ISDN interconnection).

In a further preferred modification, photos of authorised occupants of the home environment are preferably accessible from the extranet and are accessed upon an alarm event and cross referenced with surveillance data to ascertain whether a true alarm condition has been raised. The accessibility to surveillance data can be controlled by the user.

The system preferably requires user authentication to access the extranet by users, with the authentication being provided only once per Internet browser session. The system uses web page technology and can be implemented in, for example, the following manner: a) directly in HTML, b) directly in XML, c) XML parsed through style sheet to format supported by user's browser (HTML, WAP, VRML, ...), d) scripting languages (e.g. Java). The accessible URL provided for each user of the home security system provides details of the current status of the home environment of the user. The Internet browser can be utilised in conjunction with an Internet access device which can include a smart card reader and associated user smart card which provides authentication details and a URL corresponding to the home environment. The smart card also ideally facilitates global access to the Internet for access of the extranet, and optionally additionally tracks connections for expensing. The Internet access device can be a computer, WebPhone, Portable digital assistant, or mobile phone or any other device with web browsing capability.

In one embodiment, the smart card can include an on-board bio-sensor. Hence the smart card consists of a data receptacle and substrate, with the substrate including a biosensor on the surface. An embedded controller reads the biosensor and processes input data using a stored identification algorithm. The substrate can also include an embedded communication means and means of accepting power for operation, either through direct electrical connection or magnetic/rf coupling. The authentication data can be bound to an individual's “fingerprint” during a registration process. Through utilizing an on-board biosensor, sensor devices are not required everywhere, only on the one card.

The extranet can be extended to other uses including providing a user premises e-mail facility and other facilities, for example downloading of standard news data etc. The connection gateway can further incorporate a user programmed answer strategy, including delayed answer, and optionally detection of a voice connection and recording compressed message, thus operating in answering machine mode. After accepting the transmitted voice, fax, or data, upon completion of the inbound call, the connection gateway can raise a connection to a communications server, and send an indication to the user of the home security system of the receipt of recorded data. The connection gateway can further send recorded compressed voice messages to a communications server for storage on the extranet for forwarding to a user of the home environment. The connection gateway also provides an indication of messages received on a HTML page accessible by a user of the home environment. In one embodiment, the connection gateway acts as a hub and Internet connection mechanism for connected devices including the security devices located in the home environment. That is, the gateway acts as a router, so if a URL is entered which is external to the home it automatically raises the connection to the Internet.

The connection gateway is ideally in a tamper proof enclosure and can operate without mains power such that, upon tampering, the connection gateway triggers an alarm and relays the alarm to the extranet.

The system can also include a control terminal interconnected to the connection gateway, the control terminal comprising a wall mounted flat panel display incorporating a touch screen and running a web browser. The control terminal can use wireless protocols such as TCP/IP running over wireless standards such as Bluetooth. The control terminal can be equipped with a biosensor such as a fingerprint sensor, for access authentication of a local user in the home environment to the connection gateway. Alternatively, other forms of secure authentication can be provided. The control terminal can be connected to the connection gateway in a wireless manner and can be powered by rechargeable batteries, allowing the control terminal mobility within the range of wireless transmitters attached to the user premises network. Ideally, the control terminal can be of reduced handheld size, so that it can operate as a universal premises remote control.

Ideally, the control terminal integrates a digital camera, microphone and speaker, and H323 protocol software, thus allowing the control terminal to be used as a videophone, through a standard browser interface. Alternatively, the control terminal can be provided by a personal computer (PC) equipped with a user premises network connection, wherein the PC runs a browser accessing a URL corresponding to the connection gateway. Alternatively, the control terminal can be provided by a set top box connected to a TV and running a web browser. The control terminal can be equipped with a smartcard reader for e-commerce transactions over the extranet.

At least one of the security devices can comprise a digital security camera embodying image capture and compression method and an interconnection to the connection gateway running a protocol such as the H323 protocol standard. The camera could alternatively take JPEG stills, motion JPEG, or digital video. The camera preferably can include motion detection and image significance algorithms which run in the camera, and filter input so that only detected motion input can be compressed and sent through the connection gateway to the extranet.

The connection gateway can be programmable to allow different response mechanisms to differing classes of alert event. Preferably, the connection gateway contains connection details for preferred and secondary communication servers on the extranet, so that if a first communication server does not respond, other communication servers may be contacted until successful connection can be achieved. The extranet preferably can include a user contact database which preferably can include preferred contact methods, allowing automatic contact mechanisms to be associated with alarm condition, including use of e-mail, pager, computer generated voice message through telephone, requesting response or if timeout, security action.
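The alarm path described in this summary (an alert qualified by a pre-programmed enable, a response mechanism chosen per class of alert event, and upload through the preferred or a secondary communications server) can be sketched as follows. This is an added illustration, not code from the patent; every class, field and response name is hypothetical, and holding an undelivered event in a pending list when no server responds is an assumption.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alert:
    device_id: str    # constructed names, e.g. "cam-hall"
    device_type: str  # e.g. "camera"
    zone: str         # e.g. "ground-floor"
    event_class: str  # class of alert event, e.g. "intrusion"
    data: bytes       # surveillance data captured for the event


@dataclass
class Enables:
    """Pre-programmed enables; a zone or device-type enable arms many devices at once."""
    devices: set = field(default_factory=set)
    zones: set = field(default_factory=set)
    device_types: set = field(default_factory=set)

    def qualifies(self, alert):
        return (alert.device_id in self.devices
                or alert.zone in self.zones
                or alert.device_type in self.device_types)


class CommsServer:
    """Stand-in for one communications server on the extranet."""

    def __init__(self, name, reachable=True):
        self.name = name
        self.reachable = reachable
        self.stored = []  # event records uploaded for extranet storage

    def connect(self):
        if not self.reachable:
            raise ConnectionError(f"{self.name} did not respond")
        return self

    def upload(self, record):
        self.stored.append(record)


class ConnectionGateway:
    def __init__(self, enables, servers, responses):
        self.enables = enables
        self.servers = servers      # preferred server first, then secondaries
        self.responses = responses  # event class -> response mechanism (hypothetical names)
        self.pending = []           # assumption: undelivered events are kept for retry

    def handle_alert(self, alert):
        # An alert becomes an alarm event only if its enable evaluates TRUE.
        if not self.enables.qualifies(alert):
            return {"alarm": False, "server": None, "tried": []}
        record = {
            "device": alert.device_id,
            "zone": alert.zone,
            "class": alert.event_class,
            "response": self.responses.get(alert.event_class, "store-only"),
            "data": alert.data,
        }
        tried = []
        for server in self.servers:
            tried.append(server.name)
            try:
                server.connect().upload(record)
            except ConnectionError:
                continue  # this server did not respond: contact the next one
            return {"alarm": True, "server": server.name, "tried": tried}
        self.pending.append(record)
        return {"alarm": True, "server": None, "tried": tried}


def demo():
    """Preferred server down, secondary up; one armed zone, one unarmed zone."""
    preferred = CommsServer("cs-preferred", reachable=False)
    secondary = CommsServer("cs-secondary")
    gateway = ConnectionGateway(
        Enables(zones={"ground-floor"}),
        [preferred, secondary],
        {"intrusion": "store-and-contact-user"},
    )
    armed = Alert("cam-hall", "camera", "ground-floor", "intrusion", b"frame-bytes")
    unarmed = Alert("cam-attic", "camera", "attic", "intrusion", b"frame-bytes")
    return gateway.handle_alert(armed), gateway.handle_alert(unarmed), secondary.stored


if __name__ == "__main__":
    print(demo())
```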

The user data storage on the extranet for storing event data associated with the home environment can be allocated virtually and allocated redundantly, ensuring integrity of stored surveillance data.

The security devices preferably can include an external access mechanism to the user premises. Also one of the security devices can be equipped with a reader for an RF tag that can be used for user authentication or equipped with a smartcard reader that can be used for user authentication.

Preferably, the connection gateway provides support for standards such as the HomePnP standard for CEBus networks, OSGI, Bluetooth, the HAVi standard for consumer appliance control etc.

In one example access mechanism, the smartcard preferably can include a biosensor bonded to the substrate of the smart card, and a circuit embedded in the smartcard to authenticate the user before the smartcard will operate.

In accordance with a further aspect of the present invention, there is provided a system for providing information access across at least two networks, the system comprising a first network having a first network access controller; a second network having a second network access controller; and a user access browser located on the first network for locating and examining information on the first and second networks by means of network address locators; wherein when a predetermined location on the network is accessed, the first network access controller initiates the establishment of a network connection to the second network access controller so as to provide for the temporary interconnection of the first network to the second network, the system thereby providing a seamless access to information stored on the second network from the user access browser.

BRIEF DESCRIPTION OF THE DRAWINGS

Preferred embodiments of the present invention will now be described with reference to the accompanying drawings in which:

FIG. 1 illustrates the arrangement of the preferred embodiment;

FIG. 2 illustrates the software modules of a gateway;

FIG. 3 illustrates a gateway attached to a series of appliances via different networks;

FIG. 4 illustrates a gateway attached to a series of appliances;

FIG. 5 illustrates schematically the structure of a first camera system; and

FIG. 6 illustrates schematically the structure of a second camera system.

DESCRIPTION OF THE PREFERRED AND OTHER EMBODIMENTS

The preferred embodiments provide a method of remote control that provides the user visual monitoring and control information. The preferred embodiment also provides a visual interface for both remote and local monitoring and control. The preferred embodiment simplifies the use, for a user, of automation and security services in relation to their designated premises. It also simplifies monitoring of the user's premises by an authorised security service. It achieves this simplification of use by providing an integrated facility for monitoring and control, alarm detection and transmission, and alarm servicing, that is accessible both locally and remotely through a standard web browser via secure user-specific HTML pages. Of course other protocols such as WAP, VRML or XML can also be utilised.

Turning now to FIG. 1, there is illustrated the arrangement of the preferred embodiment which includes the following components:

An Internet access device 15, which may include, but is not limited to, a computer, a mobile phone with display, a Web Phone, or a Personal Digital Assistant, capable of connection to the World Wide Web (WWW) through a client web browser supporting the HyperText Transfer Protocol (HTTP).

A web browser interface which runs on the Internet access device 15 and that allows the user to access, through queries over the WWW, HTML pages from HTTP servers corresponding to associated URLs.

An active Internet connection that connects the Internet access device 15 to the Internet 16.

A virtual private network (VPN) 17, termed here the “provider network”, which is connected to the Internet and which embodies a collection of Internet-accessible resources that implement part of the integrated monitoring and control, alarm transmission and servicing functions of the invention. This network 17, whilst accessible from the Internet, forms an Extranet.

An extranet is a private network that uses the Internet protocols and the public telecommunication system to securely share part of a business's information or operations with suppliers, vendors, partners, customers, or other businesses. An extranet can be viewed as part of a company's intranet that is extended to users outside the company. An extranet requires security and privacy. These require firewall server management, the issuance and use of digital certificates or similar means of user authentication, encryption of messages, and the use of virtual private networks (VPNs) that tunnel through the public network.

A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunnelling protocol and security procedures. A virtual private network can be contrasted with a system of owned or leased lines that can only be used by one company. The idea of the VPN is to give the company the same capabilities at much lower cost by sharing the public infrastructure. Using a virtual private network involves encrypting data before sending it through the public network and decrypting it at the receiving end. An additional level of security involves encrypting not only the data but also the originating and receiving network addresses.

The resources associated with the provider VPN 17 network include:

An authentication system or database 18 containing access information in relation to authorised users.

A user connection system or database 14 containing connection parameters in relation to the user premises.

A login facility 19 to initiate a secure connection for authorised users of Internet access devices 15. User specific HTML (or other standard) pages which are stored on logon facility server 19 and are linked to private areas, and possibly public areas.

A service node 20 which uses the user connection parameters to direct a communications server 21 to establish a connection through either a private or public telecommunications network to a gateway 22 at the user premises.

A communications server 21.

A telecommunications network 24.

A user premises gateway 22 including a web server running on the user premises gateway 22.

A home network 26 attached to the gateway 22, which may include sub nets of differing physical implementation.

Appliances 27 attached to the home network which may be monitored and controlled by gateway 27 and include specific intrusion detection devices which may instigate alarms.

A surveillance device 28 in the form of a digital security camera or other form of intrusion detection such as motion detection etc.

A control terminal 29.

The following situations for operation of the preferred embodiment are identified:

1. The user is in a remote location with respect to their premises and wishes to monitor and control, or retrieve recorded data associated with, their premises;
2. The user is local to their premises and wishes to monitor and control their premises;
3. An alarm condition is reported to the monitoring network, and surveillance data recorded.

1. Remote Operation

The user premises network 26 is normally in an unconnected state in relation to the provider network 17. Specific actions on the part of the remote user, or their authorised agents, connect the user premises network to the provider network, thus allowing monitoring and control operations to proceed.

Each user registered with the provider network has login data and premises connection data stored respectively in user login and user connection systems or databases 18 located within the provider network. In addition, private Web pages are provided for each user, allowing access to URLs dedicated to either of two resource classes. One resource class is dedicated to stored surveillance data, whilst the other resource class is dedicated to active connection to the user premises for monitoring and control.

A remote user, who desires to monitor or control their premises, uses a web browser on an Internet access device 15 to view the private HTML pages that are dedicated to monitoring and control of the user premises by entering a URL associated with the HTML page they wish to access.

Before the remote user may view the particular HTML pages that are associated with the monitoring and control of the user premises, they must first identify themselves to the provider network via a login procedure associated with the HTML pages in question. Once the user's identification details, constituting a user name and password, are authenticated, the user is permitted access to the HTML page requested.

Once the user authentication process is complete, the records associated with the user, detailing connection parameters for the user premises, are retrieved from a database 18 in the provider network. The process of accessing the URL dedicated to the monitoring and control of the user premises initiates a sequence of events that culminate in connection of the user premises network 26 to the provider network 17. A service node 20 within the provider network intercepts the access to the URL dedicated to the monitoring and control of the user premises, and uses the premises connection data associated with the user to instruct a communications server 21 to initiate a connection to the gateway 22 at the user premises.

The communications server 21 at the service node interprets the user connection parameters and initiates a connection phase across the telecommunications facility to connect with the gateway 22 at the customer premises. The telecommunications facility 24 includes any system that allows end to end communication, including but not limited to the PSTN, PLMN, ISDN and RF communication.

Preferably, a gateway 22 at the user premises has a dedicated port to the telecommunications network. However, it is possible for the gateway to share the port to the telecommunications network, in which case the user may connect to the gateway using a number of different response mechanisms, including a delayed answer mechanism.

The gateway answers the incoming call and completes the connection. The gateway and the connection server negotiate connection parameters and establish a network connection between the user premises network and the provider network. A web server on the gateway then accepts HTTP protocol through the connection. The service node 20 forwards the URL that was previously intercepted and that corresponds to a resource contained within the customer premises network to the gateway.

Turning now to FIG. 2 there is illustrated the components running on the gateway computer 22 in more detail. The computer includes a HTTP server 30 which runs as an application. The gateway web server 30 then serves information in relation to user premises appliances through appropriate web pages to the user. The gateway web server communicates with a Services Module 31, which allows the control and monitoring actions to be performed, and issues requests to the Services Module 31 to fulfil the user requests. The requests are relayed through the protocol stack 34 attached to the operating system resident in the gateway to the target appliances attached to the network. Data is sent or received from the device in response to the requests. In the case of control actions, the device performs the action, whilst in the case of monitoring actions, the device returns the requested data.

As illustrated in FIG. 3, the gateway can be interconnected to a series of appliances 40 over a number of different networks 41, 42, 43. FIG. 4 illustrates one form of hardwired interconnection with a series of appliances 27.

User Access Master Node Website

1. From web browser, user initiates connection to login facility http server 19 via its domain name server (DNS) address.
2. DNS address is translated to associated IP address of login facility 19 by a DNS server.
3. HTTP connection request is sent to IP address of login facility 19.
4. HTTP request is received by login facility 19 HTTP server and ACK is replied.
5. Page request is sent to HTTP service node 20.
6. HTTP service node 20 determines availability of requested document.
7. HTTP service node 20 responds with response code.
8. HTTP transaction occurs.

User Logs In

1. User accesses login page at login facility 19.
2. User is prompted for authentication details.
3. User supplies authentication details.
4. HTTP login facility 19 receives authentication details (potentially via SSL 40 bit secure connection).
5. HTTP login facility 19 decodes details and consults authentication database 18.
6. Database 18 verifies user authentication and notifies login facility.
7. If successful, user profile/identifier is pulled from database 18.
8. Two concurrent processes are initiated on service node 20 (P1 to keep the user informed, P2 to establish the connection via communications server 21 to the monitored premises).
9. P1: Personalised web page is dynamically constructed and sent to user's browser requesting wait.
10. P2: Connection profile is used to initiate request to gateway 22 by either of 3 possible scenarios.

Scenario 1: Service Node 20, Login Facility 19 and Connection Establishment Server 21 are Co-Resident at Same Network Node

1. A response request is sent to an interface on the connection server 21 which initiates connection (dialup) to remote host 22.
2. Connection is established using connection profile for automatic authentication at remote side.
3. Remote web server gateway is queried for active HTTP services.
4. If successful, user HTTP connection is redirected to remote HTTP service on gateway 22.
5. If non-successful, the user is notified and alert raised to monitoring personnel monitoring extranet 17.
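The login sequence and Scenario 1 above, as an added sketch that is not code from the patent: nothing is dialled until authentication succeeds, P1 and P2 run concurrently, and a failed connection notifies the user and raises a monitoring alert. All names, the constructed credentials and profile values, and the use of a PBKDF2 digest for the stored password are assumptions made for the illustration.

```python
import hashlib
import hmac
import html
from concurrent.futures import ThreadPoolExecutor

SALT = b"constructed-salt"  # constructed value for the example


def _digest(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)


# Constructed stand-ins for authentication database 18 and the connection profiles.
AUTH_DB = {"alice": {"digest": _digest("constructed-passphrase"), "profile": "p-001"}}
CONNECTION_PROFILES = {
    "p-001": {"dial": "premises-line-001", "http_url": "http://gateway-001.example/"},
}


class PremisesGateway:
    """Stand-in for gateway 22: may or may not answer, may or may not serve HTTP."""

    def __init__(self, answers=True, http_active=True):
        self.answers = answers
        self.http_active = http_active


class CommunicationsServer:
    """Stand-in for communications server 21."""

    def __init__(self, premises):
        self.premises = premises  # dial string -> PremisesGateway
        self.dialled = []         # record of every connection attempt

    def dial(self, profile):
        self.dialled.append(profile["dial"])
        gateway = self.premises.get(profile["dial"])
        if gateway is None or not gateway.answers:
            raise ConnectionError("no answer from premises gateway")
        return gateway


def authenticate(user, password):
    """Login steps 5-7: verify the details, then return the profile identifier."""
    record = AUTH_DB.get(user)
    if record is None:
        return None
    if not hmac.compare_digest(record["digest"], _digest(password)):
        return None
    return record["profile"]


def build_wait_page(user):
    """P1: personalised page asking the user to wait."""
    name = html.escape(user)
    return f"<html><body>Connecting to the premises of {name}, please wait.</body></html>"


def establish_connection(profile, comms):
    """P2, Scenario 1 steps 1-3: dial, then query for an active HTTP service."""
    try:
        gateway = comms.dial(profile)
    except ConnectionError:
        return False
    return gateway.http_active


def handle_login(user, password, comms, monitoring_alerts):
    profile_id = authenticate(user, password)
    if profile_id is None:
        # Unauthenticated requests never cause a call to the premises.
        return {"status": "denied", "wait_page": None, "redirect": None}
    profile = CONNECTION_PROFILES[profile_id]
    with ThreadPoolExecutor(max_workers=2) as pool:
        p1 = pool.submit(build_wait_page, user)
        p2 = pool.submit(establish_connection, profile, comms)
        wait_page, connected = p1.result(), p2.result()
    if connected:
        return {"status": "connected", "wait_page": wait_page,
                "redirect": profile["http_url"]}
    monitoring_alerts.append(f"connection to premises of {user} failed")
    return {"status": "failed", "wait_page": wait_page, "redirect": None}


if __name__ == "__main__":
    comms = CommunicationsServer({"premises-line-001": PremisesGateway()})
    print(handle_login("alice", "constructed-passphrase", comms, []))
```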

Scenario 2: Service Node 20 and Connection Establishment Service 21 areat Separate Nodes, Connection is Identified by Static Addressing

1. A response request is sent to communications server 21 which also holds subnet routing entry for static IP address.
2. Response is delivered to communications server 21 via intermediate gateways using appropriate routing protocol.
3. Request for response is delivered to appropriate interface on communications server 21, which may initiate remote connection via entries within gateway configuration tables.
4. Wait state is established until positive response from gateway 22 bound with specified IP address.
5. Response (either positive or negative) is received from communications server 21.
6. Response is relayed to login facility 18.
7. If successful, user HTTP connection is redirected to remote HTTP service on gateway 22.
8. If non-successful, user is notified and alert raised to monitoring personnel.

Scenario 3: Service Node 20 and Connection Establishment Server 21 are at Separate Nodes, and Connection must Establish Identity via Dynamically Assigned Addressing

Case 1: Dynamic assignment is achieved by reconfiguration of end point router interface configuration tables service node 20.

1. A control channel is established to the end-point gateway 22 as specified in the connection profile.
2. The end point gateway 22 is programmed with the IP address specified in the connection profile (the IP address may be obtained dynamically by the service node 20 server from any dynamic host configuration service), and with the connection details required to establish physical connection via OSI level 1 network.
3. Request for response is sent to IP address specified in connection profile of device e.g. 27-29 via end point gateway 22.
4. Request for response is delivered to appropriately reconfigured interface.
5. Response (either positive or negative) is received from interface of device 27-29.
6. Response is relayed to Gateway 22.
7. If successful, user HTTP connection is redirected to remote HTTP service on gateway 22.
8. If non-successful, user is notified and alert raised to monitoring personnel.

Case 2: Dynamic assignment is achieved by request for IP address assignment from dynamic host configuration service (local to end-point router) initiated by endpoint router based on connection parameter (from the connection profile) encapsulated in the request packet received from the server node 20.

1. Service Node 20 encapsulates connection parameters from connection profile in request packet which is sent to communications server 21.
2. Communications server 21 detects request packet received from service node 20.
3. Communications server 21 queries DHC server with connection parameters.
4. DHC server dynamically assigns IP address for connection profile to endpoint gateway.
5. Endpoint router reconfigures interface using connection parameters and IP address.
6. Request for response is delivered to appropriately reconfigured interface.
7. Response (either positive or negative) is received from interface.
8. Response is relayed to Gateway Web/Auth Service.
9. If successful, user HTTP connection is redirected to remote HTTP service.
10. If non-successful, user is notified and alert raised to monitoring personnel.

For all dynamic IP address assignment methods, the allocated IP address is relayed to the home gateway once the interface is successfully raised. (There are several methods. For instance, PPP can be used to negotiate the IP address to be assigned to the Home Gateway.) Immediately that the interface with the assigned IP address on the Home Gateway is raised, a watchdog process will bind an instance of the HTTP service to the raised interface for service of requests coming through to that interface.

2. Local Operation

A local user can monitor and control devices and appliances in the user premises through a control terminal incorporating a display and an input mechanism and running a web browser. The control terminal can be implemented as a wall mounted display unit 45, a set top box and TV 46, or a PC 47, which runs a web browser. The user accesses HTML pages on the gateway 22 which provide monitoring and control services for devices located within the user premises that are attached to the premises network.

The gateway web server serves information through HTML pages to the user. The gateway web server communicates with a Services Module, which allows the control and monitoring actions to be performed, and issues requests to the Services Module to fulfil the user requests. The requests are relayed through the protocol stack attached to the operating system resident in the gateway to the target appliances attached to the network. Data is sent or received from the device in response to the requests. In the case of control actions, the device performs the action, whilst in the case of monitoring actions, the device returns the requested data. The gateway can also act as a router, so if a non-local address is detected, the gateway can raise a connection so that the non-local IP address can be accessed across the Internet.

3. Alarm Operation

Devices, such as sensors 49, attached to the user premises network may generate alert conditions, in response to a condition detected by a device sensor or to a particular device state. A special case identified is an alert condition generated by an intrusion detection or surveillance device.

A digital security camera 28 is provided and, as shown in more detail in FIG. 5, incorporates an imaging device 50 for capturing an image from lens 56, preprocessing unit 51, memory store 52, compression unit 53, network interface 54 and CPU 55. The digital security camera is connected to the user premises network gateway through a physical or wireless network. The gateway 22 and the camera system 28 communicate through a common protocol. The imaging device 51 within the digital security camera continuously records image data, which is then read from the imaging device, through the pre-processing circuit 51, and written to memory store 52. A compressor 53 reads image data from memory and produces a compressed version of the image data. The CPU 55 may optionally analyse the raw image using motion detection and image significance algorithms programmed into the CPU. If the security system is armed, and a significant event is detected, an alert condition is generated and compressed images and other information are transmitted through the network interface 54, across the user premises network, to the gateway 22.

In another embodiment of the security camera, as shown in FIG. 6, the functionality of the gateway is incorporated directly into the camera and a telecommunications interface 57 is provided for direct connection with the communications server.

Returning to FIG. 1, generally, once an alert condition is detected by a sensor or other device attached to the user premises network, information regarding the alert condition is transmitted via the user premises network 26 to the gateway 22. Software on the gateway interprets the information in relation to the alert condition, and may qualify the alert condition with user pre-programmed qualifiers stored in a database on the gateway 22. An alarm condition is generated if the logical AND of the alert condition and corresponding qualifier is TRUE. In response to an alarm condition, the gateway 22 uses pre-programmed connection parameters to initiate a connection through the telecommunications network 24 to a preferred communications server 21 on the provider network 17. The communications server answers the call and completes the connection. If there is a fault and a successful connection to the communications server can not be raised, the gateway may retrieve from a local database further connection details for alternative communication servers on the provider network. Once a successful connection exists between the gateway and a communication server on the provider network, the gateway and the communication server negotiate connection parameters and establish a connection between the user premises network 26 and the provider network. This process identifies the user premises network, and hence the associated user, to the provider network 17. Information in relation to the alarm condition is transmitted from the user premises network 26 to the provider network 17. Software running on the provider network processes the alarm condition, and transmits an alarm state to a monitoring console. In addition, pre-programmed alarm actions in relation to the user are retrieved from a user database 18 on the provider network, and all actions identified are automatically performed. These may include automatic notification of the alarm condition to the user through mechanisms such as, but not limited to: e-mail, pager, and telephone. In addition, all data associated with the alarm condition transmitted from the user premises network to the provider network is stored in a secure repository within the provider network. User pre-programmed qualifiers may gate access to this recorded surveillance data by authorised monitoring personnel. The data is accessible to the user in their private storage area, and may be viewed from their web browser.
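The gateway-side alarm path described above (alert AND qualifier, then the preferred communications server with fallback to stored alternatives), as an added Python example that is not code from the patent. The `Gateway` class, the device and server names, the treatment of an alert with no stored qualifier, and the retention of an alarm when every server fails are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Callable


@dataclass(frozen=True)
class Alert:
    device: str      # constructed device name
    condition: str   # constructed condition name


@dataclass
class Gateway:
    qualifiers: dict   # (device, condition) -> predicate over premises state
    servers: list      # preferred communications server first, then alternatives
    dial: Callable     # dial(server, alert): delivers or raises ConnectionError
    undelivered: list = field(default_factory=list)

    def is_alarm(self, alert: Alert, state: dict) -> bool:
        qualifier = self.qualifiers.get((alert.device, alert.condition))
        # Assumption: an alert with no stored qualifier counts as qualified,
        # so a missing table entry cannot silently suppress an alarm.
        qualified = True if qualifier is None else bool(qualifier(state))
        # The alert is already TRUE here, so alert AND qualifier reduces to this.
        return qualified

    def handle_alert(self, alert: Alert, state: dict) -> tuple:
        if not self.is_alarm(alert, state):
            return ("suppressed", None)
        for server in self.servers:
            try:
                self.dial(server, alert)
            except ConnectionError:
                continue   # fault on this server: try the next stored alternative
            return ("delivered", server)
        # Assumption: the text does not cover every server failing; the alarm
        # is kept locally so that it is not lost.
        self.undelivered.append(alert)
        return ("undelivered", None)


def make_dialer(unreachable: set, log: list) -> Callable:
    """Constructed stand-in for the telecommunications link."""
    def dial(server: str, alert: Alert) -> None:
        if server in unreachable:
            raise ConnectionError(server)
        log.append((server, alert))
    return dial


def demo() -> tuple:
    log = []
    gw = Gateway(
        qualifiers={("camera-28", "motion"): lambda s: s["armed"]},
        servers=["cs-primary.example", "cs-alt1.example"],
        dial=make_dialer({"cs-primary.example"}, log),
    )
    motion = Alert("camera-28", "motion")
    disarmed = gw.handle_alert(motion, {"armed": False})
    armed = gw.handle_alert(motion, {"armed": True})
    return disarmed, armed, log


if __name__ == "__main__":
    print(demo())
```

With the preferred server unreachable, the armed motion alert is delivered through the first alternative, while the same alert with the system disarmed never leaves the gateway.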

Further modifications and applications are possible. For example, the connection gateways could form nodes of a distributed computing environment that may be allocated by the extranet on a demand basis to facilitate supercomputer type calculations.

It would be appreciated by a person skilled in the art that numerous variations and/or modifications may be made to the present invention as shown in the preferred embodiment without departing from the spirit or scope of the invention as broadly described. The preferred embodiment is, therefore, to be considered in all respects to be illustrative and not restrictive.

What is claimed is:
 1. A system comprising: (a) at least one connection gateway located in a user premises network; (b) at least one server located in a network external to the user premises network and configured to establish communication sessions involving the at least one connection gateway and one or more access devices running a user interface application; and (c) at least one premises device or appliance located in the user premises network and communicatively coupled to the at least one connection gateway and not communicatively coupled to the server, wherein the at least one premises device or appliance is configured to output premises monitoring information and receive premises control information; wherein: (i) one or more of the communications sessions involve the transfer of one of the premises monitoring information and the premises control information; (ii) the at least one server is configured to determine which connection gateway to establish one of the communication sessions with based on authentication details received from the access device, wherein the authentication details are used by the at least one server to retrieve premises connection data; and (iii) the user interface application is configured to receive and display the premises monitoring information or output premises control information.
 2. The system of claim 1, wherein the network is a Virtual Private Network (VPN).
 3. The system of claim 1, wherein the at least one premises device or appliance is a surveillance device.
 4. The system of claim 1, wherein the at least one premises device or appliance is a user appliance.
 5. The system of claim 1, wherein the at least one server is configured to receive and send the premises monitoring information and the premises control information as part of the communications sessions.
 6. The system of claim 1, wherein the access devices running a user interface application is configured to receive the premises monitoring information from one of the server and the connection gateway as part of the communications sessions.
 7. The system of claim 1, wherein the connection gateway and the at least one premises device or appliance are enclosed in a common housing.
 8. The system of claim 1, wherein the connection gateway is configured to generate an alarm state in response to determining that the premises monitoring information received from the at least one premises device or appliance is related to an alert condition.
 9. The system of claim 1, wherein the connection gateway is communicatively coupled to the at least one premises device or appliance through a wireless communications protocol.
 10. The system of claim 1, wherein the authentication details comprise a user name and password.
 11. The system, of claim 1, wherein the server is configured to store the premises monitoring information.
 12. A connection gateway comprising: (a) a gateway web server configured for installation at a user premises to connect to at least one service node; and (b) a services module communicatively coupled to at least one premises device or appliance located at the user premises, wherein the connection gateway is configured to establish communications sessions involving the at least one service node and the premises device or appliance, which is not directly connected to the at least one service node, and wherein the premises device or appliance is configured to output premises monitoring information and receive premises control information; wherein: one or more of the communication sessions involve the transfer of one of premises monitoring information and premises control information between the at least one service node and the premises device or appliance; and wherein the gateway web server is further configured to: (i) receive or send the premises monitoring information and premises control information as part of the transfer of premises monitoring information and premises control information; (ii) receive information originating from an access device upon the at least one service node's authentication based upon authentication details the at least one service node receives from the access device running a user interface application, wherein the authentication details are used by the at least one at least one service node to retrieve premises connection data and establish the one or more communications sessions; and (iii) output premises monitoring information in a format for display by the access device running a user interface application.
 13. The connection gateway of claim 12, wherein the at least one premises device or appliance is a surveillance device.
 14. The connection gateway of claim 12, wherein the at least one premises device or appliance is a user appliance.
 15. The connection gateway of claim 12, wherein the access device is a mobile device.
 16. The connection gateway of claim 12, wherein the gateway web server is configured to send the premises monitoring information to one of the service node and the access device running a user interface application.
 17. The connection gateway of claim 12, wherein the services module and the at least one premises device or appliance are enclosed in a common housing.
 18. The connection gateway of claim 12, wherein the gateway web server is configured to generate an alarm state in response to determining that the premises monitoring information received from the at least one premises device or appliance is related to an alert condition.
 19. The connection gateway of claim 12, wherein the services module is communicatively coupled to the at least one premises device or appliance through a wireless communications protocol.
 20. The connection gateway of claim 12, wherein the gateway web server is configured to store the premises monitoring information.
 21. A provider network comprising: (a) a login facility server configured to authenticate users based on authentication details received by the login facility server from one or more access devices running a user interface application; and (b) a communications server configured to establish communications sessions involving the provider network and at least one connection gateway located in a user premises network and configured to receive from the connection gateway premises monitoring information from at least one premises device or appliance located at the user premises and receive premises control information from one or more access devices running a user interface application, wherein the at least one premises device or appliance is configured to output premises monitoring information and receive premises control information; and wherein: (i) the communications server is not directly communicatively coupled to the premises device or appliance; (ii) one or more of the communications sessions involve the sharing of premises monitoring information and premises control information between the access device and the premises device or appliance; (iii) the communications server is configured to receive the premises monitoring information and send the premises control information as part of one or more of the communications sessions; (iv) the communications server is configured to determine which connection gateway to establish one of the communication sessions with based on the authentication details, wherein the authentication details are used by the provider network to retrieve premises connection data; and (v) the communications server is configured to provide premises information to the access device in a format for display by the user interface application.
 22. The provider network of claim 21, wherein the at least one premises device or appliance is a surveillance device.
 23. The provider network of claim 21, wherein the at least one premises device or appliance is a user appliance.
 24. The provider network of claim 21, wherein the connection gateway and the at least one premises device or appliance are enclosed in a common housing.
 25. The provider network of claim 21, wherein the connection gateway is configured to generate an alarm state in response to determining that the premises monitoring information received from the at least one premises device or appliance is related to an alert condition.
 26. The provider network of claim 21, wherein the services module is communicatively coupled to the at least one premises device or appliance through a wireless communications protocol.
 27. The provider network of claim 21, wherein the communications server is configured to store the premises monitoring information.
 28. Computer readable program code configured to cause an access device to perform a method of receiving premises monitoring information and sending premises control information comprising: (a) initiating a communications session by a provider network involving an access device and a communications gateway, wherein the communications session is initiated based on authentication details received by the provider network from the access device, wherein the authentication details are used by the provider network to retrieve premises connection data related to the communications gateway; (b) sending premises control information to one of the provider network and the connection gateway for delivery through the connection gateway to a premises device or appliance, wherein the connection gateway is located in a user premises network and is communicatively coupled to the premises device or appliance, wherein the premises device or appliance is configured to output premises monitoring information and receive premises control information and is not otherwise connected to the provider network; and (c) receiving premises monitoring information from one of the provider network and the connection gateway and processing the premises monitoring information for display by the access device.
 29. The computer readable program code of claim 28, wherein the access device is configured to receive an alarm state from one of the communications gateway and the provider network in response to a determination that the premises monitoring information received from the at least one premises device or appliance is related to an alert condition.
 30. The computer readable program code of claim 28, wherein the connection gateway is communicatively coupled to the at least one premises device or appliance through a wireless communications protocol.